Welcome to the Qualys Community Edition 


Qualys Community Edition provides organizations with the ease of use, scalability, 
precision and centralized management of the Qualys Cloud Platform, free of charge. This 
cloud-based offering allows organizations to protect themselves from threats present in 
the wild without deploying any hardware or incurring maintenance costs. 

Key Features 


- Map your entire IT environment and discover all your assets, wherever they are — in the 
cloud or on premises 


- Detect and assess vulnerabilities on internal and external IT assets and infrastructure 


- Scan a public-facing or internal web application for vulnerabilities, including the OWASP 
Top 10 


- Customize dynamic dashboards to reflect your organization’s critical security 
information 


Qualys Community Edition Includes 

- 16 Cloud Agents 

- Vulnerability Management for 16 Internal and 3 External IPs 

- Web Application Scanning for 1 URL 

- 1 Virtual Scanner Appliance 

- CloudView for inventorying public cloud workloads and infrastructure 


Limited version of Express Lite 


Qualys Community Edition is a limited version of Express Lite, but scan functionality, full 
CVE coverage, and Six Sigma accuracy remain the same. See Community Edition vs. 
Express Lite. 
Get Started 


We'll help you become familiar with the Qualys UI and complete your first scan. 
Quick Steps 

Add and organize your assets 

Add a Virtual Scanner Appliance 

Configure scan settings 

Start your first scan! 


Deploy cloud agents for continuous assessments 


Add and organize your assets 


Add IP addresses for scanning 


The first thing you'll want to do is tell us the IPs/ranges that you want to scan and report 
on. In Qualys VM, go to Assets » Host Assets. From the New menu, select IP Tracked Hosts, 
DNS Tracked Hosts or NetBIOS Tracked Hosts. The tracking method you choose will be 
assigned to all of the hosts being added. 


About the tracking method 

By default we track hosts by IP address. You'll notice that you have the option to 
add hosts tracked by DNS and NetBIOS hostname, which allows for reporting host scan 
results in dynamic networking environments. For example, you may want to use DNS or 
NetBIOS hostname tracking if the hosts on your network are assigned IP addresses 
dynamically through DHCP. 


Review the number of IPs in your account. To start you'll have 16 internal and 3 external 
(perimeter) IPs. The number of IPs in the subscription is the number of IPs already added. 


[Screenshot: the New Hosts dialog. The General Information tab shows IPs Purchased 
(Internal), IPs Purchased (Perimeter) and IPs In Subscription; the other tabs are Host IPs, 
VM Module and Host Attributes.] 
Now jump to the Host IPs tab. Enter the new IPs you're adding and click Add. That's it! The 
new IPs will appear on your Host Assets list, and they're ready for scanning. 


[Screenshot: the Host IPs tab of the New Hosts dialog. Enter IPs and ranges in the IPs field, 
for example 10.10.10.180-10.10.10.181; the accepted format is shown as 
192.168.0.200,192.168.0.87-192.168.0.92. A Validate IPs through Whois option is available.] 


Add domains for mapping 


Qualys uses a domains concept for its network mapping process. “Domain” in this context 
is our name for a DNS entry, for a netblock, or for a combination. Go to Assets » Domains 
and select New » Domain. 




Enter one or more domains and netblocks (see the help for proper formatting). Click Add. 


[Screenshot: the New Domains dialog. Enter domains and netblocks in the Domains field, 
for example qualys-test.com; the accepted format is shown as 
qualys-test.com:[192.168.0.87-192.168.0.92, 192.168.10.10-192.168.10.42]. A Whois lookup 
is available.] 


Qualys provides a demo domain called “qualys-test.com” for network mapping. This 
domain may already be in your account. If not you can add it yourself. Note that the 
devices in the demo domain reside in Qualys Security Operations Centers, so the Qualys 
Internet scanners can be used for mapping this domain. 
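The two target syntaxes above (comma-separated IPs and ranges for Host Assets, and domain:[netblocks] for Domains) are easy to get wrong, and the quota of 16 internal and 3 perimeter IPs is easy to exceed once ranges are expanded. The following Python is an added example, not Qualys code and not part of the original guide: it parses both forms, expands the ranges, and counts the result against the quota before you paste anything into the dialogs. Splitting internal from perimeter by RFC 1918 address is this example's own assumption; the sample inputs are the ones the dialogs show.

```python
# Added example (not Qualys code): parse the Host Assets / Domains target syntax
# from the guide, expand ranges, and check the host count against the Community
# Edition quota (16 internal, 3 perimeter IPs, both taken from the guide).
import ipaddress
import re

INTERNAL_QUOTA = 16   # internal IPs in a Community Edition subscription
PERIMETER_QUOTA = 3   # external (perimeter) IPs

# Assumption of this example: "internal" means an RFC 1918 address.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One item: "a.b.c.d" or "a.b.c.d-e.f.g.h", with optional surrounding spaces.
_ITEM_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*(?:-\s*(\d{1,3}(?:\.\d{1,3}){3}))?\s*$")


def expand_ips(spec):
    """Expand a comma-separated list of IPs and ranges into IPv4Address objects."""
    hosts = []
    for item in spec.split(","):
        if not item.strip():
            continue
        m = _ITEM_RE.match(item)
        if not m:
            raise ValueError(f"bad IP or range: {item.strip()!r}")
        start = ipaddress.IPv4Address(m.group(1))          # raises on octets > 255
        end = ipaddress.IPv4Address(m.group(2)) if m.group(2) else start
        if end < start:
            raise ValueError(f"range end precedes start: {item.strip()!r}")
        hosts.extend(ipaddress.IPv4Address(n) for n in range(int(start), int(end) + 1))
    return hosts


def parse_domain_entry(entry):
    """Split 'domain' or 'domain:[netblocks]' into (domain, [IPv4Address, ...])."""
    m = re.match(r"^([A-Za-z0-9.-]+)(?::\[(.*)\])?$", entry.strip())
    if not m:
        raise ValueError(f"bad domain entry: {entry.strip()!r}")
    domain, blocks = m.group(1), m.group(2)
    return domain, (expand_ips(blocks) if blocks else [])


def is_internal(addr):
    return any(addr in net for net in _RFC1918)


def quota_check(ip_spec):
    """Count distinct internal and perimeter hosts and say whether they fit the quota."""
    hosts = set(expand_ips(ip_spec))
    internal = sum(1 for h in hosts if is_internal(h))
    perimeter = len(hosts) - internal
    return {
        "internal": internal,
        "perimeter": perimeter,
        "fits": internal <= INTERNAL_QUOTA and perimeter <= PERIMETER_QUOTA,
    }


if __name__ == "__main__":
    # The format examples shown in the New Hosts and New Domains dialogs.
    print(quota_check("192.168.0.200,192.168.0.87-192.168.0.92"))
    print(parse_domain_entry("qualys-test.com:[192.168.0.87-192.168.0.92, 192.168.10.10-192.168.10.42]"))
```

Run it against the IPs you intend to add; a result with "fits": False means the dialog will either reject the addition or consume more of the subscription than you expected.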
Discover your network 


Launch maps to discover your network devices and report comprehensive information 
about them. After discovering live devices on your network you can add them to your 
account and start scanning them for vulnerabilities. 


Go to Scans > Maps, then select New > Map (or Schedule Map). 




Choose your map options. 


[Screenshot: the Launch Map dialog. Its help text reads: To launch a map select the targets 
you want to discover and specify the map's settings. Give your map a name, select a scan 
profile (a default is selected for you with recommended settings), and choose a scanner 
from the Scanner Appliance menu for internal scans, if visible. Tell us which domains and 
IPs to map. A separate map will be launched for each target. In the example the title is 
My First Map, the option profile is Copy of Initial Options (default), and the 
Domains/Netblocks field lists qualys-test.com, www.qualys-test.com:[192.168.0.1-192.168.0.254] 
and 10.10.10.10-10.10.10.15.] 


Option Profile - Choose an option profile with the map settings you want to use. Tip - For 
mapping IPs/ranges without a domain, be sure to enable the map option “Perform live 
host sweep” in the option profile applied to the task. 


Scanner Appliance - If you have a virtual scanner, then you can use it for mapping private 
use internal IPs. If not, we'll use external scanners to map your network perimeter. 


Target Domains - Specify any combination of asset groups, domains and IPs/ranges for 
your map target. Enter asset groups in the Asset Groups field, and enter domains and IPs 
in the Domains/Netblocks field. 
We'll create a separate map report for each target. That means we'll create a separate 
map for each domain plus a map for any IPs entered. These maps run sequentially, one at 
a time, and each map uses a single scanner appliance. 


When the map status is Finished, choose View Report from the Quick Actions menu. 


[Screenshot: the Maps list. The finished map appears with its targets, the launching user, 
a map/... reference, the launch date and a Finished status; the Quick Actions menu offers 
View Graphic Mode, View Report, Download and Relaunch.] 


In the Results section you'll see a list of the hosts detected on the mapped domain. For 
each host, you'll see the IP address, DNS and NetBIOS hostnames, the router being used by 
the host and the operating system. 


[Screenshot: the Map Results report for My First Map.] 

Report Summary 

Domain: qualys-test.com 
Type: On demand 
Status: Finished 
Title: My First Map 
Launch Date: 07/09/2018 at 14:45:38 (GMT-0700) 
Reference: map/1531172698.48289 
Duration: N/A 
Total Hosts Found: 57 
Scanner Appliance: 10.10.21.184 (Scanner 10.2.45-1, Vulnerability Signatures 2.4.370-2) 
Option Profile: Copy of Initial Options 

Results for qualys-test.com (57 hosts), sorted by IP address, with columns IP, DNS, 
NetBIOS, Router and OS. The first rows read: 

IP          DNS                               NetBIOS   Router    OS 
10.1.1.1    fw.qualys-test.com                                    Cisco IOS 12 
10.1.1.2    ws1.corp.qualys-test.com          WS1W2K    10.1.1.1  Windows 2000 
10.1.1.3    ws2.corp.qualys-test.com          WS2W2K    10.1.1.1  Windows 2000 
10.1.1.5                                                10.1.1.1  D-Link Wireless Access Point 
10.1.1.8    hplazerjet.corp.qualys-test.com             10.1.1.1  HP JetDirect 
10.1.1.10   dhcp.corp.qualys-test.com                   10.1.1.1  Linux 
10.1.1.11   app.corp.qualys-test.com          APPW2K    10.1.1.1  Windows 2000 
10.1.1.13   proxy.corp.qualys-test.com                  10.1.1.1  Linux 
10.1.1.15   wk7.frcorp.qualys-test.com        wk7w2k3   10.1.1.1  Windows 2003 Service Pack 2 

The Actions menu above the results offers Add to a new Asset Group, Add to Asset Groups, 
Remove from Asset Groups, Launch Vulnerability Scan, Schedule Vulnerability Scan, Purge 
and Add to Subscription. 
Map results are closely integrated with scan capabilities. There are several actions you 
can perform on the hosts listed in your map results. For example, you can scan hosts right 
away, or you can add newly discovered hosts to your account. Select the check box next to 
each host to include in the action, select an action from the Actions drop-down menu (at 
the top of the report), and then click Apply. 

Go to View > Graphic Mode to change the format of your map results to graphic mode. 


Your map results will appear in a graphical view like shown below. Use the Summary on 
the left to drill-down into results or enter a search query at the top of the page. 


[Screenshot: Map Results in graphic mode for My First Map, domain qualys-test.com. The 
Summary pane on the left shows Total Hosts in Domain (57), New Hosts, New Approved, 
Scannable, In Netblock, Rogue and Operating System Families (Windows, Linux, Other); the 
search field at the top accepts an IP address, hostname or filters. The main pane draws the 
discovered hosts as a network graph.] 
Organize assets into asset groups (optional) 


Asset groups give you a convenient way to make logical groupings of the assets you want 
to scan and report on. The same assets can appear in multiple groups as needed. 


Go to Assets > Asset Groups and select New > Asset Group. Give the group a name, then go 
to the IPs section to add IPs to the group and go to the Domains section to add domains to 
the group. Hit Save when you're done. 


[Screenshot: the New Asset Group dialog with Asset Group Title, IPs, Domains, Business Info 
and Comments sections. The IPs section reads: Use the selections below to designate which 
hosts this asset group will contain, with an Enter or Select IPs/Ranges field (here 
10.10.10.180-10.10.10.181).] 
Add a Virtual Scanner Appliance 


Your Community Edition subscription allows 1 virtual scanner appliance for internal 
scanning. Go to Scans > Appliances and select New > Virtual Scanner Appliance. 




Click Start Wizard and we'll walk you through the steps. 


[Screenshot: the virtual scanner wizard. It offers three options: Get Started (help me select 
the right virtual image and configure my scanner), Download Image Only (download the virtual 
image now and configure the scanner later) and I Have My Image (complete the configuration 
of my scanner). The Activate Your Virtual Scanner step reads: Configure your scanner and 
activate it using the personalization code below. For more help, review the configuration 
guide for step-by-step instructions. You give the scanner a name (here My Scanner) and can 
use Check Activation to confirm that it connected.] 

Complete the configuration using the virtual scanner console or cloud platform (this is 
when you'll need the personalization code). 




Be sure activation is successful 


Your appliance needs to make a connection to our cloud platform. You'll see the friendly 
name and IP address when the activation is complete. It may take a few minutes for the 
appliance activation to occur. 


Check your virtual scanner status 


Your appliance must be connected to our cloud platform. Go to Scans » Appliances to 
check your appliance status. Select your scanner and you'll see the preview pane. 


[Screenshot: the Appliances list and preview pane. The list shows the appliance name, ID, 
LAN IP, polling interval (180 seconds), scanner and signature versions and last update. The 
preview shows the owner, the Connected on and Verified on times, a Connected state, and the 
summary: The appliance is online and its software versions are up to date. Below it: 
Heartbeat Checks Missed (0), Latest Scanner Version, Latest Signature Version and Available 
Capacity (100%).] 


1 - The connected status icon tells you the virtual scanner is ready. Now you can start 
internal scans! Next to this you'll see the busy icon, which is grayed out until you launch 
a scan using this scanner. 

2 - This shows you it's a virtual appliance. 

3 - Latest software versions - these are installed as part of the activation. 

4 - The available capacity will be 100% until you launch a scan. 


Configure scan settings 


An option profile includes scan settings that you’ll choose at scan time. With a 
Community Edition subscription you get 3 profiles to start and you can add 1 custom 
profile. Create a profile from the New menu or edit a default profile to save a copy. 


Go to Scans > Option Profiles to configure scan settings in option profiles. 


[Screenshot: the Option Profiles list showing Copy of Initial Options (default), Initial 
Options, 2008 SANS20 Options and Qualys Top 20 Options.] 
Host Authentication is recommended 


Using host authentication (trusted scanning) allows our service to log in to each target 
system during scanning. This lets us perform an in-depth security assessment and get better 
visibility into each system's security posture. Running authenticated scans gives you the 
most accurate results with fewer false positives. 


How to set up authentication: 


1) Enable authentication in the option profile that you'll apply to your scan. In the 
option profile, go to the Scan tab, scroll down to Authentication, and select each type of 
authentication you want to use. 

[Screenshot: the Authentication section of an option profile. Its help text reads: 
Authentication enables the scanner to log into hosts at scan time to extend detection 
capabilities. See the online help to learn how to configure this option. The types offered 
include Windows, Unix/Cisco, Oracle, Oracle Listener, SNMP, VMware, DB2, HTTP, MySQL, Tomcat 
Server, MongoDB and Palo Alto Networks Firewall.] 


2) Add authentication records for your host technologies. Go to Scans » Authentication 
and create new records from the New menu. For each record you'll provide login 
credentials that our service will use to log in to each host at scan time. Because these 
credentials are stored in the service and used against every host in the record's IP list, 
use a dedicated scanning account that has only the privileges the authentication type needs. 


[Screenshot: the Authentication records list with two records: a Unix record covering 
10.10.10.180-10.10.10.181, 10.10.24.11 and further IPs (13 IPs in total), and a Windows 
record covering 10.10.10.180-10.10.10.181 (2 IPs). Each row shows the modified date, the 
owner and a Details link.] 
Start your first scan! 


You're now ready to start a vulnerability scan. 


Go to Scans > New > Scan. (Want to schedule your scan?) 



Choose your scan settings. 


[Screenshot: the Launch Vulnerability Scan dialog. General Information: give your scan a 
name (here My First Scan), select an option profile (Copy of Initial Options (default)), set 
a Processing Priority (0 - No Priority) and choose a Scanner Appliance, if visible. Choose 
Target Hosts from Assets or Tags; under Assets you pick Asset Groups and enter IPs/Ranges 
(here 10.10.10.180-10.10.10.181, with the example format 192.168.0.87-192.168.0.92, 
192.168.0.200) and optional Exclude IPs/Ranges. Then click Launch.] 


(1) Option Profile - You can choose one of the default profiles provided or the custom 
profile that you previously saved, if applicable. 


(2) Scanner Appliance - If you added a virtual scanner then you can choose the scanner for 
an internal scan. If you don’t have a scanner, then we'll use external scanners for a 
perimeter scan. 


(3) Scan Target - Click Assets to select a combination of asset groups and IP addresses to 
scan. Or Click Tags to select one or more asset tags to scan. 


That's it - just click Launch and you're done. 
You'll see your scan in the scans list where you can track its progress. 


[Screenshot: the Scans list showing My First Scan against 10.10.10.180-10.10.10.181, the 
launching user, a scan/... reference, the date, and a Finished status with a results icon 
next to it.] 


The icon next to the Finished status tells you whether the results are available. One icon 
means results are processed and available in your account. The other means the scan is 
finished but the results are not yet processed; go to Filters > Processing Tasks to see 
the status. 


Want to schedule your scan? 


You can schedule the scan to run Weekly or Monthly. Just choose New » Schedule Scan. 
Like with an on demand scan, you'll choose an option profile, scanner appliance and 
target hosts. You'll also need to tell us when you want the scan to start and how often it 
should run. Make these settings on the Scheduling tab. 


[Screenshot: the New Scheduled Vulnerability Scan dialog, Scheduling tab, with tabs Task 
Title, Target Hosts, Scheduling, Notifications and Schedule Status. Settings shown: Start 
date and time, time zone (with a DST option), Duration (pause after a number of hours and 
minutes, resume manually or after a delay), Occurs (Weekly), Every 1 weeks, On Days (Sunday 
and Wednesday selected), and Ends after a number of occurrences.] 
Go to the Notifications tab if you want to be notified by email before the scan starts or 
when it's finished. You can even customize the message included in the email body. 


[Screenshot: the Notifications tab. You can send a notification a set number of hours 
before the scan starts and another after the scan completes (off by default). A note reads: 
You are the task owner. Notifications will be sent to the email address saved in your 
account. Under Custom Message: The email will always include info like the title, owner, 
option profile and start time; the example messages are "A Qualys scan is scheduled to 
start soon." and "A Qualys scan is finished."] 


[Screenshot: the Schedules list, showing each scheduled scan's type, title, targets, 
scanner (External Scanner), assigned user, next launch, modified date and previous 
duration.] 


When the scan starts running (at its next scheduled launch time) you'll see it appear on 
the Scans list where you can track the status and view results when it's finished. 
Deploy cloud agents for continuous assessments 


Using our revolutionary Qualys Cloud Agent platform you can deploy lightweight cloud 
agents for continuous security and compliance assessments. 


Overview 


With Qualys Cloud Agent you'll get continuous network security updates through the 
cloud. As soon as changes are discovered on your hosts they’ll be assessed and you'll 
know about new security threats right away. All you have to do is install lightweight 
agents on your hosts - we'll help you do this quickly! 


Install lightweight agents in minutes on your IT assets. These can be installed on your 
on-premise systems, dynamic cloud environments and mobile endpoints. Agents are 
centrally managed by the cloud agent platform and are self-updating (no reboot needed). 


Scanning in the Cloud 

We'll start syncing asset data to the cloud agent platform once agents are installed. 
Agents continuously collect metadata and send it to the cloud agent platform, where full 
assessments occur right away. Since the heavy lifting is done in the cloud, the agent 
needs minimal footprint and processing on target systems. 


Stay updated with network security 

Scanning in the cloud uses the same signatures (vulnerabilities, compliance datapoints) as 
traditional scanning with Qualys scanners. You'll be informed right away about new 
security threats using your Qualys Cloud Platform applications - Vulnerability Management 
(VM), Policy Compliance (PC), Continuous Monitoring (CM), AssetView (AV) and more! 

What do I need to know? 


There are a few things to know before you install agents on hosts within your network. 


We recommend these resources 


Cloud Agent Platform Introduction (2m 10s) 
Getting Started Tutorial (4m 58s) 

Qualys Cloud Platform 

Qualys Cloud Agent Getting Started Guide 


Cloud Agent requirements 
- We support: Windows, Linux/Unix (.rpm), Linux (.deb), Apple Mac OS X (.pkg) 


- Your hosts must be able to reach your Qualys Cloud Platform (or the Qualys Private 
Cloud Platform) over HTTPS port 443. Go to Help » About to see the URL your hosts need to 
access. 


- To install Windows Agent you must have local administrator privileges on your hosts. 
Proxy configuration is supported 
- To install Linux Agent, Unix Agent or Mac Agent you must have root privileges, non-root 
with sudo root delegation, or non-root with sufficient privileges (VM scan only). Proxy 
configuration is supported. 


Steps to install agents 
- Create an activation key. This lets you group agents and bind them to your account. 
- Download the agent installer to your local machine. 


- Run the installer on each host from an elevated command prompt, or use group policy or 
a systems management tool. 


- Activate agents for modules in your subscription (for example VM or PC). A license will 
be consumed for each agent activated. 


Get Started 
Select the Cloud Agent app from the app picker. 


[Screenshot: the app picker listing AssetView, Cloud Agent, Vulnerability Management, 
CloudView, Web Application Scanning, Threat Protection and Administration.] 


Check out the Quick Start Guide (you can go to user name menu and select this option 
anytime). You'll see step by step instructions with links to the right places to take actions. 


[Screenshot: the Cloud Agent Quick Start Guide with the steps Cloud Agent Overview and 
Download & Install Agents; the second step helps you create activation keys and set up 
agents, with a link for users who already have an activation key.] 
It's easy to install agents 
It just takes a few minutes to install an agent. Our wizard will help you do it quickly. 


You'll need an activation key. Select New Key to create one. This key provides a way to 
group agents and bind them to your account. For example, you can create different keys 
for various business functions and users. (Already have a key? Select a key on the 
activation keys list and choose Install Agent from the Quick Actions menu.) 


[Screenshot: Cloud Agent > Agent Management > Agents, still empty, with the prompt: Ready 
to install cloud agents? You'll need an activation key to get started.] 


Give your key a name and provision the key for the VM application. If you have additional 
apps like PC, FIM and IOC then you'll see them listed as well. Click Generate. 


[Screenshot: the New Activation Key dialog. Its help text reads: An activation key is used 
to install agents. This provides a way to group agents and better manage your account. By 
default this key is unlimited - it allows you to add any number of agents at any time. You 
enter a title (here vm-agents), optionally select or create tags, and provision the key for 
Vulnerability Management (the dialog shows the licenses remaining); then click Generate.] 
Review requirements and click Install Instructions for the target agent host. 


[Screenshot: the confirmation that the new activation key was generated successfully. Its 
help text reads: Give your key a name and add tags to easily find agents installed using 
this key. We'll associate the tags to the agent hosts. It shows the Activation Key value, 
the Key Type (Unlimited key) and Installation Requirements with an Install instructions link 
per platform: Windows (.exe) for Windows client and server versions; Linux (.rpm) for Red 
Hat Enterprise Linux, CentOS, Fedora, OpenSUSE, SUSE, Amazon Linux and Oracle Enterprise 
Linux; Linux (.deb) for Debian and Ubuntu; Mac OS X; and IBM AIX.] 


You'll download the agent installer and run it on your hosts. To run the installer you just 
copy and paste the command shown - it's that simple. 


[Screenshot: the Windows install instructions. They show the current agent version and the 
SHA-256 hash of the installer, a Deploying in Azure Cloud link, and the Windows Installation 
Requirements: you must have local administrator privileges on your host; your host must be 
able to reach the Qualys Cloud Platform or the Qualys Private Cloud Platform over HTTPS port 
443; a proxy can be configured. Steps to Install the Windows Agent: download the agent 
installer (it is saved to your downloads area), then copy QualysCloudAgent.exe to the host 
you want to monitor and run the command, or use group policy or a systems management tool. 
The command to copy and paste has the form 

QualysCloudAgent.exe CustomerId={...} ActivationId={...} 

with the IDs for your subscription and key filled in, followed by an example run in a 
cmd.exe window.] 
Run the installer on each host from an elevated command prompt, or use group policy or a 
systems management tool. 


Our installation guides will help you with additional options like setting up proxy 
support, and more. 


Installation Guides: 
Windows Agent 
Linux Agent 

Unix Agent 

Mac Agent 
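Before running the installer command the console shows (QualysCloudAgent.exe CustomerId={...} ActivationId={...}), a practitioner will want three checks: that the downloaded file matches the SHA-256 the key page displays, that the two IDs are well-formed before they go on a command line, and that the host can open TCP 443 to the platform hostname from Help > About, as the requirements above demand. The Python below is an added example, not Qualys code and not part of the original guide. The hash, IDs and platform hostname it receives are placeholders to be replaced with values from your own console, and the run parameter is there so the final install step can be dry-run.

```python
# Added example (not Qualys code): pre-flight checks for the Cloud Agent installer
# command shown in the console. Hash, IDs and hostname are caller-supplied placeholders.
import hashlib
import socket
import subprocess
import uuid


def sha256_hex(source):
    """SHA-256 of a file path (str) or of in-memory bytes, as lowercase hex."""
    h = hashlib.sha256()
    if isinstance(source, (bytes, bytearray)):
        h.update(source)
    else:
        with open(source, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
    return h.hexdigest()


def installer_matches(source, expected_hex):
    """True only if the installer's SHA-256 equals the hash displayed on the key page."""
    return sha256_hex(source) == expected_hex.strip().lower()


def normalise_id(value):
    """Canonical UUID string for a CustomerId/ActivationId (braces allowed), or None."""
    try:
        return str(uuid.UUID(str(value)))
    except ValueError:
        return None


def platform_reachable(host, port=443, timeout=5.0):
    """Can this host open a TCP connection to the platform on 443 (directly, no proxy)?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_command(installer, customer_id, activation_id):
    """Argument list for the Windows installer invocation the guide shows."""
    cid, aid = normalise_id(customer_id), normalise_id(activation_id)
    if cid is None or aid is None:
        raise ValueError("CustomerId and ActivationId must be UUIDs")
    return [installer, "CustomerId={%s}" % cid, "ActivationId={%s}" % aid]


def preflight_and_install(installer, expected_sha256, customer_id, activation_id,
                          platform_host, run=subprocess.run):
    """Refuse to run an installer whose hash is wrong or whose host cannot reach the platform."""
    if not installer_matches(installer, expected_sha256):
        raise RuntimeError("installer SHA-256 does not match the console; do not run it")
    if not platform_reachable(platform_host):
        raise RuntimeError(f"cannot open TCP 443 to {platform_host}; fix network or proxy first")
    return run(build_command(installer, customer_id, activation_id), check=True)


if __name__ == "__main__":
    # Placeholder IDs; substitute the values from your own activation key page.
    print(build_command("QualysCloudAgent.exe",
                        "00000000-0000-0000-0000-000000000001",
                        "{00000000-0000-0000-0000-000000000002}"))
```

To dry-run, pass run=print (or any callable) to preflight_and_install; it receives the exact argument list that would be executed. If the host goes out through a proxy, the direct 443 check will fail by design and the proxy options in the installation guides apply instead.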
Analyze, Query & Report 


In this section we'll cover how to create reports in VM, and how to query assets, build 
widgets and dashboards in AssetView. 


How to Query Assets 


Select the AssetView app from the app picker. 


Go to the Assets tab. This is where you'll see an inventory of all your scanned assets. 


[Screenshot: AssetView > Assets, listing each asset's name, OS (for example Cisco IOS 
Version 12.4(19)), last logged-in user and activity (Scanned, with the time since the last 
scan).] 


Start typing in the search field and you'll see a list of asset properties (tokens) you can use 
to search. Hover over the token name to see syntax help to the right. 


[Screenshot: the search field listing available tokens (e.g. openPorts.description, openPorts.detectedService, openPorts.firstFound, openPorts.lastUpdated, openPorts.port, openPorts.protocol, operatingSystem) with Syntax Help shown to the right] 


Syntax Help for operatingSystem: Use quotes or backticks within values to help you find the operating 
system you're looking for. 

Examples 
- operatingSystem: Windows 2012 - Show any findings that contain components of OS name 
- operatingSystem: "Windows 2012" - Show any findings that match exact value "Windows 2012" 
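As an added example (not code from the Qualys guide), here is a small Python matcher that applies the operatingSystem syntax help above to a constructed asset inventory: an unquoted value matches assets whose OS contains each word of the value, and a quoted value must match the OS exactly. The word-level matching and the treatment of backticks like quotes are my assumptions, since the page only shows the two examples; the asset records are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample inventory (not real scan data); field names follow
# the AssetView tokens shown in the search help.
ASSETS: List[Dict[str, str]] = [
    {"name": "10.10.24.12", "operatingSystem": "Cisco IOS Version 12.4(19)"},
    {"name": "10.10.24.10", "operatingSystem": "Cisco IOS Version 12.4(19b)"},
    {"name": "srv-web-01", "operatingSystem": "Windows 2012"},
    {"name": "srv-web-02", "operatingSystem": "Windows 2012 R2"},
    {"name": "srv-db-01", "operatingSystem": "Windows Server 2008"},
]

# One "token: value" clause; tokens may be dotted, e.g. openPorts.port.
CLAUSE_RE = re.compile(r"^\s*([A-Za-z][\w.]*)\s*:\s*(.+?)\s*$")


def parse_query(query: str) -> Tuple[str, str, bool]:
    """Return (token, value, exact). A value wrapped in double quotes or
    backticks is an exact-value search; anything else is a component search.
    (Assumption: backticks are treated the same as quotes here.)"""
    m = CLAUSE_RE.match(query)
    if not m:
        raise ValueError(f"expected 'token: value', got {query!r}")
    token, raw = m.group(1), m.group(2)
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in ('"', "`"):
        return token, raw[1:-1], True
    return token, raw, False


def matches(asset: Dict[str, str], token: str, value: str, exact: bool) -> bool:
    """Exact: whole field equals the value (case-insensitive).
    Component: every whitespace-separated word of the value appears as a
    word of the field, so 'Windows 2012' also hits 'Windows 2012 R2'."""
    field = asset.get(token)
    if field is None:
        return False
    if exact:
        return field.casefold() == value.casefold()
    words = field.casefold().split()
    return all(w.casefold() in words for w in value.split())


def search(query: str, assets: List[Dict[str, str]] = ASSETS) -> List[str]:
    """Names of assets matching the query, in inventory order."""
    token, value, exact = parse_query(query)
    return [a["name"] for a in assets if matches(a, token, value, exact)]


if __name__ == "__main__":
    for q in ("operatingSystem: cisco",
              "operatingSystem: Windows 2012",
              'operatingSystem: "Windows 2012"'):
        print(f"{q:40} -> {search(q)}")
```

Running the block shows the difference the help text describes: the unquoted query returns both Windows 2012 hosts, the quoted one only the exact match, and `operatingSystem: cisco` returns both Cisco devices from the screenshots.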
View Asset Details anytime 


The latest vulnerability data is always available in your assets inventory. Just select the 
asset name and choose View Asset Details from the quick actions menu. 


[Screenshot: search for operatingSystem: cisco with the quick actions menu open on an asset; View Asset Details is selected] 


Save Query 


Easily save your searches for reuse and share them with others. 


[Screenshot: Create a new saved search dialog - Search Title (required), with options to add this search to your favorites and share this search with others. Saved Searches allow you to quickly navigate from one search filter to another.] 


Download and export results 


It just takes a minute to export search results. Select Download from the Tools menu. Next 
choose an export format and click Download. 


[Screenshot: Datalist Download dialog] 

Select Download Format (required): 
- Comma-Separated Value (CSV) 
- Extensible Markup Language (XML) 
- Portable Document Format (PDF) 
- Microsoft Word (DOC) 
- Compressed HTML pages (ZIP) 
- Web Archive (HTML) - For Internet Explorer > 7 or any modern browser 

Select the timezone to use for dates included in the report. 
Create widget 


You can create a widget based on your query and add it to your dashboard. First search for 
assets and then choose Create widget. Add a title; you'll see your query is populated for 
you, and it takes just one click to add the widget to your dashboard. 


[Screenshot: Add a new widget to your dashboard - Widget Title (required), Query (pre-populated with operatingSystem: cisco), List assets or Group assets, Columns to display (required), Sort by, Sort direction (required); click the final button to add the widget to the dashboard] 


Organize assets using asset tags (optional) 


While in the AssetView app, jump over to the Tags section to configure tags so you can 
apply them to assets in your subscription. This helps you to organize your assets. You can 
apply tags to IP addresses and web applications. 


[Screenshot: AssetView Tags section with Quick Filters (Not In Use, In scope, Favorite) and Color] 
In the Tag Creation wizard, enter the settings for your tag. You'll give the tag a name and 
configure a tag rule. The rule is used to evaluate asset data returned by scans. When asset 
data matches a tag rule we'll automatically add the tag to the asset. 


[Screenshot: Tag Creation wizard, step 2 of 3 (1 Tag details, 2 Tag Rule, 3 Review And Confirm) - Set the tag type and rules] 

Rule Engine options: 
- No Dynamic Rule 
- Asset Name Contains 
- Groovy Scriptlet 
- IP Address In Range(s) 
- IP Address In Range(s) + Network(s) 
- Open Ports 
- Operating System Regular Expression 
- Software Installed 
- Vuln(QID) Exist 
- Asset Search 
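The dynamic rule engines listed above evaluate the asset data returned by scans and tag an asset automatically when the rule matches. As an added example (not the Qualys rule engine itself), here is a Python evaluator for several of those rule types over constructed asset records: Asset Name Contains, IP Address In Range(s), Open Ports, Operating System Regular Expression, Software Installed and Vuln(QID) Exist. The range syntax accepted (CIDR or start-end), the asset fields and the sample hosts are my assumptions; QID 86175 is the cross-site scripting detection that appears in the KnowledgeBase screenshot later on this page.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Set


@dataclass
class Asset:
    """Constructed view of the asset data a scan returns (assumed fields)."""
    name: str
    ip: str
    os: str
    open_ports: Set[int] = field(default_factory=set)
    software: Set[str] = field(default_factory=set)
    qids: Set[int] = field(default_factory=set)


Rule = Callable[[Asset], bool]


def asset_name_contains(text: str) -> Rule:
    needle = text.casefold()
    return lambda a: needle in a.name.casefold()


def _range_check(spec: str):
    """Accept '10.10.24.1-10.10.24.50' or '10.10.30.0/24' (assumed syntax)."""
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lambda ip: lo <= ip <= hi
    net = ipaddress.ip_network(spec, strict=False)
    return lambda ip: ip in net


def ip_in_ranges(specs: Iterable[str]) -> Rule:
    checks = [_range_check(s) for s in specs]
    return lambda a: any(c(ipaddress.ip_address(a.ip)) for c in checks)


def open_ports(ports: Iterable[int]) -> Rule:
    wanted = set(ports)
    return lambda a: bool(wanted & a.open_ports)


def os_regex(pattern: str) -> Rule:
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda a: rx.search(a.os) is not None


def software_installed(name: str) -> Rule:
    needle = name.casefold()
    return lambda a: any(needle in s.casefold() for s in a.software)


def qid_exists(qids: Iterable[int]) -> Rule:
    wanted = set(qids)
    return lambda a: bool(wanted & a.qids)


def evaluate_tags(assets: Iterable[Asset], tag_rules: Dict[str, Rule]) -> Dict[str, List[str]]:
    """Map each asset name to the sorted tags whose rule matches it."""
    return {a.name: sorted(tag for tag, rule in tag_rules.items() if rule(a))
            for a in assets}


# Constructed sample data (the Cisco host mirrors the screenshots above).
SAMPLE_ASSETS = [
    Asset("10.10.24.12", "10.10.24.12", "Cisco IOS Version 12.4(19)", {22, 443}, set(), {45017}),
    Asset("srv-web-01", "10.10.30.5", "Windows Server 2012 R2", {80, 443, 3389},
          {"Apache Tomcat 8.5"}, {86175}),
    Asset("dev-db-01", "192.168.1.20", "Ubuntu 18.04", {22, 5432}, {"PostgreSQL 10"}, set()),
]

# Constructed tag rules, one per rule engine demonstrated.
TAG_RULES: Dict[str, Rule] = {
    "Network Devices": os_regex(r"cisco\s+ios"),
    "DMZ": ip_in_ranges(["10.10.30.0/24", "10.10.24.1-10.10.24.50"]),
    "RDP Exposed": open_ports([3389]),
    "Tomcat": software_installed("tomcat"),
    "XSS Findings": qid_exists([86175]),
    "Dev": asset_name_contains("dev-"),
}

if __name__ == "__main__":
    for name, tags in evaluate_tags(SAMPLE_ASSETS, TAG_RULES).items():
        print(f"{name:12} {tags}")
```

Each rule is a closure so that the expensive parts (compiling the regex, parsing the ranges) happen once when the tag is defined rather than for every asset evaluated, which is the shape you want when the same rule set is re-run after every scan.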


Tip - Turn help tips on (in the wizard title bar) and we'll show you help as you hover over the 
settings. 


Create Reports 


There are several reporting options available in Qualys VM. For Community Edition 
subscriptions, you can run any of these template-based scan reports: Technical Report, 
Executive Report, High Severity Report or a custom scan report. These reports provide 
different views of your data. 


Go to Reports » New » Template Based... Scan Report. Then choose a report template, pick 
a report format, select your report target and click Run. 


[Screenshot: Vulnerability Management Reports tab with the New menu open: Map Report, Template Based... Scan Report, Authentication Report, Compliance Report, Asset Search Report, Download] 
Web Application Scanning 


Qualys WAS is the most powerful web application scanner available. We'll help you set up 
your web application and run discovery and vulnerability scans. 


Quick Steps 
Add a web application 
Launch a discovery scan 
Scan for vulnerabilities 


Add a web application 
Select the WAS app from the app picker. 




Start by telling us about the web application you want to scan. Click Add Web Application. 


[Screenshot: WAS Dashboard with 0 total scanned web apps - "You have no web applications as of today. Please add a web application to get started. Click here to start"] 
Choose the starting point 
Select Blank and you'll be able to build the new web asset from scratch. 


[Screenshot: Web Application Creation - select the starting point for your web application (Blank or Existing Asset)] 


Add your web app settings 


The web application name and URL are required when adding a web app from scratch. 
Follow the wizard to complete all the steps and then save your web application. 


[Screenshot: Web Application Creation wizard, step 1 of 11 (Asset Details): Name (required), Web Application URL (required), custom attributes, tags. The wizard notes: It is your responsibility to verify that you have permission to scan all web applications that you specify as scan targets.] 


Your new web application appears in the Web Applications tab, where you can edit the 
application settings or launch a scan on it. 


[Screenshot: Web Applications tab listing the new web application (Name, #Pages, #Vulns, Severity, Scanned, Updated) with New Web Application, Import, New Scan and New Schedule buttons] 


Why use authentication? 


Using authentication allows our service to access all parts of your web application 
during the crawling process. This way we can perform a more in-depth assessment of your 
web application. Some web applications require authenticated access to the majority of 
their functionality. Authenticated scanning can be configured for HTML forms like login 
pages and server-based authentication (HTTP Basic, Digest, NTLM, or SSL client 
certificates). Just go to the Authentication tab, select New Record and configure an 
authentication record with access credentials. Form and server authentication may be 
combined as needed - we'll monitor the session state to ensure an authenticated scan 
remains authenticated throughout the crawl. 


Warning about scans and their potential impact 


Web application scans submit forms with test data. If this is not desired you should add 
configurations for black lists, POST data black lists, and/or select the GET only method 
within the option profile. Keep in mind when these configurations are used, testing of 
certain areas of the web application is not included and any vulnerabilities that exist in 
these areas may not be detected. 


Launch a discovery scan 


A discovery scan finds information about your web application without performing 
vulnerability testing. This is a good way to understand where the scan will go and whether 
there are URIs you should blacklist for vulnerability scans. 


Go to Web Applications (on the top menu) and then select New Scan » Discovery Scan. 


[Screenshot: Web Applications tab with the New Scan menu open: Discovery Scan, Vulnerability Scan] 
The launch scan wizard walks you through the steps. Tell us the web application you want 
to scan and select scan settings (* means required). Click Continue to walk through the 
discovery scan wizard. Then click Finish when you're done. 


[Screenshot: Launch New WAS Discovery Scan wizard, step 1 of 3 (Scan Details): Scan Name (required, e.g. My Discovery Scan); Scan Target - select web applications by Names or Tags (e.g. Demo Web Application)] 


The scan view 
Double click the finished scan to see the scan view. 


[Screenshot: Scan List showing My Discovery Scan with status Finished] 


The Overview gives you an overview of the scan findings. Want to view the full scan report? Just 
click the View Report button. 


[Screenshot: Scan findings overview for My Discovery Scan - Target: Demo Web Application; Status: Finished; Authentication Status: None; Start Date: 04 Jul 2017 3:07PM GMT+0530; Duration: 00:39:33 (Crawling Time 00:09:22, Assessment Time 00:30:03); Operating System: Linux 2.4-2.6; Links Collected 13000, Links Crawled 299, Requests Performed 85836, Avg. Response Time 0.030212 seconds] 
The full scan report 


Each QID is a security check we performed and gathered information on. Just click the row 
to see details. 


Be sure to check QID 150021 Scan Diagnostics to review important data about the scan. 


[Screenshot: discovery scan report listing information-gathered QIDs, e.g. 150009 Links Crawled, 45017 Operating System Detected, 150152 Forms Crawled, 150021 Scan Diagnostics, 150135 Strict Transport Security Missing Header, 150115 Authentication Form Found, 150028 Cookies Collected, 150026 Maximum Number of Links Reached During Crawl] 


The results for QID 150009 Links Crawled give you a listing of the links crawled. 


[Screenshot: Information Gathered details for 150009 Links Crawled - Web Application: Demo Web Application; Authentication: Not Used; Detection Date: 27 Jun 2017 5:54PM GMT+0530] 

Highlight changes from previous scan: 
- New - this link was not found in the previous scan 
- Modified - this result was found by the previous scan but its value was different 
- Removed - this link was not found, but was reported in the previous scan 
Scan for vulnerabilities 


A vulnerability scan performs vulnerability checks and sensitive content checks to tell you 
about the security posture of your web application. 


What vulnerability checks are tested? 


We'll scan for all vulnerability checks (QIDs) listed in the KnowledgeBase unless you 
configure your option profile to limit the scan to certain vulnerabilities (confirmed, 
potential and/or information gathered). We constantly update the KnowledgeBase as new 
security information becomes available. 


Click KnowledgeBase on the top menu. 


[Screenshot: WAS KnowledgeBase tab listing QIDs with Name, Information and Category (1-20 of 38071; e.g. 86175 Multiple Cross-Site Scripting Vulnerabilities Detected, 11837 Java Deserialization Vulnerability Detected), with Filter Results by Identification, Severity Level, Scan Information, CVSS Information, Compliance Information and Dates] 


What is Severity? Each QID is assigned a severity level by our service: confirmed 
vulnerability (red), potential vulnerability (yellow) and information gathered (blue). 


Start your scan 
Go to Scans on the top menu and then select New Scan » Vulnerability Scan. 


[Screenshot: Scan List with the New Scan menu open: Discovery Scan, Vulnerability Scan] 
The launch scan wizard walks you through the steps. You'll tell us the web application 
you'd like to scan for vulnerabilities and select scan settings. Click Continue to make your 
settings and then click Finish. 


[Screenshot: Launch New WAS Vulnerability Scan wizard, step 1 of 3 (Scan Details): Scan Name (required, e.g. My Vulnerability Scan); Scan Target - select one or more web application names (e.g. Demo Web Application) or tags; click Continue] 


Check scan progress 


The status column tells you the status (in this case Running). 


[Screenshot: Scan List showing the new vulnerability scan with status Running] 


Want more info? Double click the scan row. Then you'll see the Scan Progress bar - this 
gives you an estimate of when the scan will finish. 


[Screenshot: Scan Progress panel - "Scan running since 00:02:00 (9 minutes remaining)" with statistics: Links Collected, Links Crawled, Requests Performed, Avg. Response Time] 
Your scan results 
Select the finished scan to see a preview of the scan (below the list). 


[Screenshot: Scan List with the finished scan selected and its preview below - Web App Vulnerability Scan - 2017-07-12; Web application: Demo Web Application; launched 12 Jul 2017 3:39PM GMT+0530; Finished (00:08:59); Mode: On-Demand; Authentication: None; Scanner: WAS Scanner 2; 120 vulnerabilities (40 High Severity, 11 Medium Severity, 69 Low Severity); links to the full scan report and a snapshot of web app detections] 


The scan view 


Hover over the scan and select View from the Quick Actions menu. The Overview gives 
you an overview of the scan findings. 


Want to see the full scan report? Just click the View Report button. 


[Screenshot: WAS Vulnerability Scan View - scan findings overview for Web App Vulnerability Scan - 2017-07-12: Target Demo Web Application; Status: Finished; Authentication Status: None; Start Date: 12 Jul 2017 3:39PM GMT+0530; Duration: 00:08:59 (Crawling Time 00:01:38, Assessment Time 00:07:20); Operating System: Linux 2.4-2.6; Links Collected 251, Links Crawled 10, Requests Performed 5342, Avg. Response Time 0.043402 seconds] 
The full scan report 
Vulnerabilities are sorted by group. 


[Screenshot: full scan report - Results (138): Vulnerabilities (120) grouped as Cross-Site Scripting (45), SQL Injection (2), Path Disclosure (50), Information Disclosure (22); Information Gathered (15); Appendix. Expand a group and click a finding to see vulnerability details, e.g. for QID 150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities: URL, Finding #, Group, CWE (CWE-79), OWASP (A3 Cross-Site Scripting), WASC (WASC-8 Cross-Site Scripting), CVSS Base 4.3 / CVSS Temporal 3.9, Detection Information (the parameter detected, the access path the scanner followed) and the Payloads section listing the tests used; Install Patch, Ignore and Retest actions] 


Easily find out what the severity levels mean in the Appendix. 


[Screenshot: scan report Appendix - Results (169): Vulnerabilities (150): Cross-Site Scripting (29), SQL Injection (5), Path Disclosure (58), Information Disclosure (57); Information Gathered (19); Scan Details; Web Application Details: Demo Web Application; Severity Levels] 

Severity Levels 

Confirmed Vulnerabilities 

Vulnerabilities (QIDs) are design flaws, programming errors, or mis-configurations that make your web application and 
web application platform susceptible to malicious attacks. Depending on the level of the security risk, the successful 
exploitation of a vulnerability can vary from the disclosure of information to a complete compromise of the web 
application and/or the web application platform. Even if the web application isn't fully compromised, an exploited 
vulnerability could still lead to the web application being used to launch attacks against users of the site. 

Severity Level - Description 
- Minimal - Basic information disclosure (e.g. web server type, programming language) might enable intruders to 
discover other vulnerabilities, but lack of this information does not make the vulnerability harder to find. 
- Medium - Intruders may be able to collect sensitive information about the application platform, such as the precise 
version of software used. With this information, intruders can easily exploit known vulnerabilities specific to 
software versions. Other types of sensitive information might disclose a few lines of source code or hidden directories. 
- Serious - Vulnerabilities at this level typically disclose security-related information that could result in misuse 
or an exploit. Examples include source code disclosure or transmitting authentication credentials over non-encrypted 
channels. 
- Critical - Intruders can exploit the vulnerability to gain highly sensitive content or affect other users of the web 
application. Examples include certain types of cross-site scripting and SQL injection attacks. 
- Urgent - Intruders can exploit the vulnerability to compromise the web application's data store, obtain information 
from other users' accounts, or obtain command execution on a host in the web application's architecture. 

Potential Vulnerabilities and Sensitive Contents have their own severity level tables in the Appendix. 




CloudView Free 


Qualys CloudView provides visibility and continuous security across all of your cloud 
environments. 


Quick Steps 
Activate CloudView Free service 
Add a connector 
View Resource Inventory 


Activate CloudView Free service 
Select the CV app from the app picker. 




Click Activate to get started with the CloudView Free service. 


[Screenshot: CloudView activation page - "Continuously monitor and secure your public clouds"; CloudView Free Service: get unparalleled visibility and continuous security of public cloud infrastructure; CloudView's Cloud Inventory: A Free Security App For Public Cloud Visibility] 


The Quick Start Guide appears with 3 quick steps to securing your public clouds. We'll 
help you with these steps. 


[Screenshot: CloudView quick start guide with three steps - set up a connector to start monitoring your cloud account (use the on-screen instructions to get help setting up the connector); View Resource Inventory to get visibility of the resources across different accounts and cloud platforms; monitor the misconfigured resources across accounts and cloud platforms] 


Add a connector 


Once you have your connector, we’ll start discovering resources that are present in your 
cloud account. You can create AWS connectors and Azure connectors. 


Create AWS connector 


Go to the Configuration tab and select Create Connector > Amazon Web Services. 


[Screenshot: CloudView Configuration tab with the Create Connector menu open: Amazon Web Services, Microsoft Azure] 


Provide a name and description (optional) for your connector. Then copy settings from the 
connector details: Qualys AWS Account ID and External ID. You'll need these for creating 
your IAM role in the AWS console. 


[Screenshot: Create AWS Connector - Connector Details on the left (Name, Description, Qualys AWS Account ID, External ID, Role ARN); "Create A Role For Cross Account Access" with the detailed steps on the right side of the screen to create an IAM role in AWS and get the Role ARN value] 


When you have the Role ARN value, come back to your connector in Qualys CloudView 
and paste the value into the connector details. Click Create Connector to finish. 


Create A Role For Cross Account Access (the steps shown on the right side of the Create AWS Connector window): 

1. Log in to Amazon Web Services (AWS) Console. 
2. Go to the IAM service. 
3. Go to Roles and click Create Role. 
4. Under "Select type of trusted entity" choose Another AWS account. Then: 
   a. Paste in the Qualys AWS Account ID (from connector details). 
   b. Select Require external ID and paste in the External ID (from connector details). 
   c. Click Next: Permissions. 
5. Find the policy titled "SecurityAudit" and select the check box next to it. Optionally, create a custom AWS 
IAM Policy following details in the online help. Click Next: Review. 
6. Enter a role name (e.g. QualysCloudViewRole) and click Create role. 
7. Click on the role you just created to view details. Copy the Role ARN value and paste it into the connector 
details. 

Tip - You need the Qualys AWS account ID and external ID to complete the steps. 

[Screenshot: Connector Details showing Qualys AWS Account ID, External ID (with a Copy button), the Role ARN field and a "Want to create a role using CloudFormation?" link; Cancel and Create Connector buttons] 


That's it! The connector will establish a connection with AWS to start discovering 
resources from each region and evaluate them against policies. 
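Steps 4 and 5 above give the Qualys service cross-account access through a role whose trust policy names the Qualys AWS account and requires the External ID, with the SecurityAudit managed policy attached. As an added example (not Qualys code, and not the CloudFormation template the connector window offers), here is Python that builds such a trust policy from placeholder values, reviews an existing trust policy for the two weaknesses worth checking before you attach SecurityAudit (no External ID condition, or a wildcard principal), and parses the Role ARN you paste back into the connector. The account IDs and External ID are placeholders; the SecurityAudit policy ARN is the real AWS managed policy named in step 5.

```python
import json
import re
from typing import Any, Dict, List, Tuple

# Real AWS managed policy referenced in step 5; everything else below is a placeholder.
SECURITY_AUDIT_POLICY_ARN = "arn:aws:iam::aws:policy/SecurityAudit"
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@/-]+)$")


def _as_list(value: Any) -> List[Any]:
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def build_trust_policy(trusted_account_id: str, external_id: str) -> Dict[str, Any]:
    """Trust policy equivalent to 'Another AWS account' + 'Require external ID'."""
    if not re.fullmatch(r"\d{12}", trusted_account_id):
        raise ValueError("AWS account IDs are 12 digits")
    if not external_id:
        raise ValueError("external ID must not be empty")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def review_trust_policy(policy: Dict[str, Any]) -> List[str]:
    """Findings a defender wants to see before granting the role read access."""
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        if "*" in aws_principals:
            findings.append(f"statement {i}: any AWS principal may assume the role")
        condition = stmt.get("Condition") or {}
        if not condition.get("StringEquals", {}).get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition (confused-deputy risk)")
    return findings


def parse_role_arn(arn: str) -> Tuple[str, str]:
    """Split 'arn:aws:iam::<account>:role/<name>' into (account, role name)."""
    m = ROLE_ARN_RE.match(arn.strip())
    if not m:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    return m.group(1), m.group(2)


if __name__ == "__main__":
    # Placeholders standing in for the values shown in the connector details.
    policy = build_trust_policy("111111111111", "EXTERNAL-ID-FROM-CONNECTOR")
    print(json.dumps(policy, indent=2))
    print("findings:", review_trust_policy(policy))
    print("attach:", SECURITY_AUDIT_POLICY_ARN)
    print(parse_role_arn("arn:aws:iam::222222222222:role/QualysCloudViewRole"))
```

The External ID condition is what step 4b adds: without it, any third party that learns the role ARN and can persuade the trusted account's service to assume roles on its behalf could read your resource inventory, which is the confused-deputy problem the external ID exists to prevent.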


Want to create a role using CloudFormation? 
Download the CloudFormation template from the Create AWS Connector window. 


[Screenshot: Create AWS Connector - "Want to create a role using CloudFormation?" steps: log in to Amazon Web Services (AWS) and go to CloudFormation; create a stack and upload the template; when the stack is complete, copy the Role ARN value from the output and paste it into the connector details] 


Follow the steps on the screen to create a stack and upload the template. When the stack 
is complete, copy the Role ARN from the output and paste it into the connector details. 


Create Azure connector 


Go to the Configuration tab and select Create Connector > Microsoft Azure. 


[Screenshot: CloudView Configuration tab with the Create Connector menu open and Microsoft Azure selected] 
Provide a name and description (optional) for your connector. 


[Screenshot: Create Azure Connector - Connector Details (Name, Description, Azure account name) on the left; steps to create an application in Azure Active Directory and get the Application ID on the right] 

Create application in Azure Active Directory and get the Application ID: 

1. Log on to the Microsoft Azure console. Go to Azure Active Directory in the left navigation pane, then App 
Registrations. 
2. Click New application registration and provide these details: 
   a. Name: A name for the application (e.g. My Azure Connector) 
   b. Application Type: Select Web app/API 
   c. Sign-on URL: Enter any valid URL 
3. Click Create. The newly created app appears in the list of applications. Copy the Application ID and paste it 
into the connector details. 


Follow the detailed steps on the right side of the screen (and see the online help) to 
configure the application ID, directory ID, authentication key and subscription ID from the 
Microsoft Azure console to paste into your connector details. 
View Resource Inventory 


Upon setting up your connector, it starts discovering the resources that are present in your 
cloud account. The resource inventory and the metadata of the resources are pushed to the 
Qualys portal. You can navigate to the Resources tab to view the resources being collected 
along with their details. 


Dashboard 


The Qualys CloudView application provides an out-of-the-box default AWS Security Overview 
Dashboard that gives a summary of inventory and security posture across resources. 


The default dashboard provides: 

- Resource inventory - Route Tables, EC2 Instances, VPC, Subnets, IAM Users, etc. 
- Total evaluation failures, i.e. resource misconfigurations, by control criticality 
- Security posture at each region level showing resources and failures 
- Top 5 Accounts with maximum control failures 
- Top 5 Failed controls 


Check out this sample dashboard: 

[Screenshot: CloudView AWS-Dashboard, filtered to Last 30 Days, with the panels Resource Distribution by Type, Failures by Control Criticality, and Security Posture by Regions (All Regions).]
Resources Details 


The Resources tab displays information about the various resources collected. It helps you 
identify the number of resources of each type and the number of resources that have 
one or more control failures. Click a row to view the resources of a specific type, and 
click an individual resource to view its details. For each resource you will see the 
following information. 


Resources Summary 


The List View provides a summary of your resources, including the total resources and the 
number of failed resources for each resource type. 
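The dashboard widgets and the Resources list view described above are all aggregations over the same underlying data: one pass/fail evaluation per (resource, control) pair. The example below, added here and not Qualys code, reproduces those figures in Python over a constructed set of evaluation records so you can see exactly how each number is derived, in particular that a resource counts as "failed" once, however many of its controls fail. The record layout, the account IDs, region names and control names are all assumptions made for this illustration; the page does not describe the CloudView data model or API.

```python
"""Rebuild the CloudView dashboard and Resources-tab figures from evaluation records.

Added example, not Qualys code. The Evaluation layout below is an assumption for
this illustration; CloudView's real data model is not described on the page.
"""
from collections import Counter, defaultdict
from typing import NamedTuple


class Evaluation(NamedTuple):
    account: str        # cloud account the resource belongs to
    region: str         # region the resource lives in
    rtype: str          # resource type, e.g. "Security Group"
    rid: str            # resource identifier, unique within an account
    control: str        # control that was evaluated (constructed names)
    criticality: str    # control criticality: HIGH / MEDIUM / LOW
    passed: bool        # False means a control failure (misconfiguration)


# Constructed sample data: one row per (resource, control) evaluation.
SAMPLE_EVALUATIONS = [
    Evaluation("111111111111", "us-east-1",  "Security Group", "sg-a1", "sg-ingress-open-port-22",   "HIGH",   False),
    Evaluation("111111111111", "us-east-1",  "Security Group", "sg-a1", "sg-ingress-open-port-3389", "HIGH",   True),
    Evaluation("111111111111", "us-east-1",  "Security Group", "sg-a2", "sg-ingress-open-port-22",   "HIGH",   True),
    Evaluation("111111111111", "us-east-1",  "S3 Bucket",      "bkt-1", "s3-bucket-public-read",     "HIGH",   False),
    Evaluation("111111111111", "us-east-1",  "S3 Bucket",      "bkt-1", "s3-access-logging-off",     "MEDIUM", False),
    Evaluation("111111111111", "us-west-2",  "IAM User",       "alice", "iam-user-mfa-disabled",     "MEDIUM", False),
    Evaluation("111111111111", "us-west-2",  "IAM User",       "bob",   "iam-user-mfa-disabled",     "MEDIUM", True),
    Evaluation("222222222222", "ap-south-1", "Subnet",         "sub-1", "subnet-auto-public-ip",     "LOW",    False),
    Evaluation("222222222222", "ap-south-1", "Subnet",         "sub-2", "subnet-auto-public-ip",     "LOW",    True),
    Evaluation("222222222222", "ap-south-1", "Security Group", "sg-b1", "sg-ingress-open-port-22",   "HIGH",   False),
]


def _resource_key(e: Evaluation):
    """A resource is identified by account + type + id, never by a single evaluation row."""
    return (e.account, e.rtype, e.rid)


def resource_distribution(evals):
    """Dashboard 'Resource Distribution by Type': distinct resources per type."""
    distinct = {_resource_key(e) for e in evals}
    return Counter(rtype for _, rtype, _ in distinct)


def failures_by_criticality(evals):
    """Dashboard 'Failures by Control Criticality': failed evaluations per criticality."""
    return Counter(e.criticality for e in evals if not e.passed)


def posture_by_region(evals):
    """Dashboard 'Security Posture by Regions': resources and failures per region."""
    resources = defaultdict(set)
    failures = Counter()
    for e in evals:
        resources[e.region].add(_resource_key(e))
        if not e.passed:
            failures[e.region] += 1
    return {r: {"resources": len(resources[r]), "failures": failures[r]} for r in resources}


def top_accounts_by_failures(evals, n=5):
    """Dashboard 'Top 5 Accounts with maximum control failures'."""
    return Counter(e.account for e in evals if not e.passed).most_common(n)


def top_failed_controls(evals, n=5):
    """Dashboard 'Top 5 Failed controls'."""
    return Counter(e.control for e in evals if not e.passed).most_common(n)


def resource_summary(evals):
    """Resources list view: per type, total resources and resources with >= 1 failed control.

    A resource with several failing controls is still counted as one failed resource.
    """
    totals = defaultdict(set)
    failed = defaultdict(set)
    for e in evals:
        totals[e.rtype].add(_resource_key(e))
        if not e.passed:
            failed[e.rtype].add(_resource_key(e))
    return {t: {"total": len(totals[t]), "failed": len(failed[t])} for t in totals}


if __name__ == "__main__":
    print("Total resource types:", len(resource_distribution(SAMPLE_EVALUATIONS)))
    print("Failures by criticality:", dict(failures_by_criticality(SAMPLE_EVALUATIONS)))
    print("Posture by region:", posture_by_region(SAMPLE_EVALUATIONS))
    print("Top accounts:", top_accounts_by_failures(SAMPLE_EVALUATIONS))
    print("Top failed controls:", top_failed_controls(SAMPLE_EVALUATIONS))
    print("Resource summary:", resource_summary(SAMPLE_EVALUATIONS))
```

Note the distinction between the two failure counts: the dashboard's criticality and region widgets count failed evaluations (bkt-1 contributes two), while the Resources tab counts failed resources (bkt-1 contributes one). Mixing the two is a common source of confusion when reconciling dashboard totals against the resource list.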


[Screenshot: CloudView Resources list view. It shows the Total Resource Types count, filters by Account and by Region (N. Virginia, Mumbai, Ohio), and a table with the columns Resource Type, Service, Total Resources and Resources Failed; the rows include Subnet, Network ACL, Security Group, Internet Gateway, IAM User, Load Balancer, Route Table and S3 Bucket.]


From here you can drill-down into any resource type to see instance details like the 
number of detected vulnerabilities, resource associations, location and network 
information. 


Vulnerability-related data is populated only if you are using a scanner 
appliance or Cloud Agent. 
Community Edition vs. Express Lite 


You'll get even more functionality with Qualys Express Lite. Contact your Technical 
Account Manager or Qualys Support to upgrade today. 


Vulnerability Management (VM) 

| Area | Feature | Community Edition | Express Lite |
|---|---|---|---|
| Account | Users | 1 user | 3 users |
| Account | Scan data retention | 3 months | Up to 13 months (user defined) |
| Account | Account data retention | Account data purged after 6 months of no activity | Account data maintained indefinitely with subscription |
| Account | API compatible | No | Yes |
| Scanning | PCI attestation compatible | No | Yes - Fully compatible |
| Scanning | Scan notification & distribution | Sent to account owner only | Sent to user defined distribution lists |
| Scanning | Scheduled scans | Weekly and Monthly scans | Full scheduling functionality |
| Reporting | Report templates | Scan Report, Technical Report and Executive Report | All report templates available and fully customizable |
| Reporting | Scheduled reports | Not available | Full scheduling functionality |
| Reporting | Report notification & distribution | Sent to account owner only | Sent to user defined distribution lists |
| Option Profiles | Number of profiles | 3 default profiles, 1 custom | Full library of profiles, unlimited custom profiles |


Web Application Scanning (WAS) 

| Area | Feature | Community Edition | Express Lite |
|---|---|---|---|
| Scanning | Scheduled scans | Not available | Full scheduling functionality |
| Reporting | Report templates | Scan Report only | Full Report library |
| Reporting | Scheduled reports | Not available | Full scheduling functionality |
| Option Profiles | Customization | 2 profiles total: Initial Options and 1 custom | Full library of profiles and full customization functionality |